Generate and sign TSL certificates with ease

Manage certificates with ease.


wget -O certctl
chmod +x certctl
./certctl version
sudo mv certctl /usr/local/bin/

Generate CA or Self-signed certificate

certctl generate --subject "C=CN/ST=Beijing/L=Haidian/O=Any Corp/CN=Any Root" 
    --key ca.key --cert ca.crt --days 36500 --size 4096

certctl generate --subject "C=CN/ST=Beijing/L=Haidian/O=Any Corp/" 
    --san *,localhost, 
    --key --cert --days 365 --size 4096

certctl generate --subject "C=CN/ST=Beijing/L=Haidian/O=Any Corp/" 
    --san *,localhost, 
    --key --cert --days 365 --size 4096 
    --usage digitalSignature,keyEncipherment 
    --extusage serverAuth,clientAuth,emailProtection

certctl help generate

A full list a key usages are:

  • digitalSignature
  • contentCommitment
  • keyEncipherment
  • dataEncipherment
  • keyAgreement
  • keyCertSign
  • cRLSign
  • encipherOnly
  • decipherOnly

A full list of extended key usages are:

  • any
  • serverAuth
  • clientAuth
  • codeSigning
  • emailProtection
  • IPSECEndSystem
  • IPSECTunnel
  • IPSECUser
  • timeStamping
  • OCSPSigning
  • netscapeServerGatedCrypto
  • microsoftServerGatedCrypto
  • microsoftCommercialCodeSigning
  • microsoftKernelCodeSigning

Sign certificate with CA

certctl sign --ca-key ca.key --ca-cert ca.crt --subject "" 
    --key --cert

certctl sign --ca-key ca.key --ca-cert ca.crt --is-ca 
    --subject "" 
    --key --cert 
    --usage digitalSignature,keyEncipherment,keyCertSign 
    --extusage serverAuth,codeSigning

certctl help sign

Show certificate/csr from file

certctl show cert-filepath.crt
certctl show csr-filepath.csr


Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

GIPHY App Key not set. Please check settings

3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company

Open-Source Frontend for Emulators “RetroArch” Now Available on Steam for Windows and Linux Users